-
January 4th, 2003, 06:22 AM
#1
Member
NEED HELP WITH A PAM MODULE (I wrote)
Hi guys,
I am trying to write a PAM module (just for fun and education's sake) that will take the user name and password typed at the login and pass them on to a server program that I wrote. The server part works just fine. I have named the module pam_uds.so. When I insert a line like the following in the login file for PAM, things don't seem to work as I expected. I thought I would get a login. The server part checks the username and password in its local database and returns true if the user is found (not a problem in my present PAM module). However, I am unable to get a login. When I inspect the logs I get the message:
USER unknown to underlying authentication mechanism
This is the line I inserted in /etc/pam.d/login:
auth required /lib/security/pam_uds.so
I hope someone can show me where I went wrong. Where can I look for more info? I read the module writers' guide and I am still struggling to understand it. In the meantime, a few tips and, if possible, a correction of the following code will be handy.
Thanks a lot, everyone.
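/********************* CODE BEGINS ********************************/
#define PAM_SM_AUTH
#define PAM_SM_ACCOUNT
#define PAM_SM_SESSION
#define PAM_SM_PASSWORD
#include <security/pam_modules.h>   /* was <system/pam_modules.h>; the PAM headers live under security/ */
#include <sys/socket.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>                 /* free() */
#include <string.h>
#include <unistd.h>                 /* read(), write(), close() */

static char password_prompt[] = "ENTER UDS PASSWORD: ";

#ifndef PAM_EXTERN
#define PAM_EXTERN
#endif

PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char *argv[])
{
    const struct pam_conv *conv;
    struct pam_message msg;
    const struct pam_message *msgp;
    struct pam_response *resp = NULL;
    struct sockaddr_in uds_server;
    const char *user;
    const char *password = NULL;
    char reply = 0;
    int sockfd = -1;
    int pam_err;
    int ret = PAM_AUTH_ERR;         /* fail closed: deny unless the server confirms */

    if ((pam_err = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS)
        return pam_err;
    if ((pam_err = pam_get_item(pamh, PAM_CONV, (const void **)&conv)) != PAM_SUCCESS)
        return pam_err;

    msg.msg_style = PAM_PROMPT_ECHO_OFF;
    msg.msg = password_prompt;
    msgp = &msg;
#ifdef _OPENPAM
    pam_err = pam_get_authtok(pamh, PAM_AUTHTOK, &password, NULL);
#else
    pam_err = (*conv->conv)(1, &msgp, &resp, conv->appdata_ptr);
    /* was "if (pam_err = PAM_SUCCESS)": an assignment, always false,
       so password was never set and pam_err was silently cleared */
    if (pam_err == PAM_SUCCESS && resp != NULL)
        password = resp->resp;
#endif
    if (pam_err != PAM_SUCCESS || password == NULL)
        goto done;                  /* the stray "break;" outside a loop is removed */

    memset(&uds_server, 0, sizeof(uds_server));
    uds_server.sin_family = AF_INET;
    uds_server.sin_addr.s_addr = inet_addr("192.168.0.2");
    uds_server.sin_port = htons(12345);
    sockfd = socket(AF_INET, SOCK_STREAM, 0);
    if (sockfd < 0 || connect(sockfd, (struct sockaddr *)&uds_server, sizeof(uds_server)) < 0) {
        ret = PAM_AUTHINFO_UNAVAIL; /* server unreachable: do not carry on with a dead socket */
        goto done;
    }

    /* As posted, only the password is sent; `user` is fetched but never
       transmitted. The data also crosses the network unencrypted. */
    if (write(sockfd, password, strlen(password)) < 0)
        goto done;

    /* The original function ended here without reading the server's answer
       or returning a value. ASSUMPTION: the server answers with the single
       byte '1' on success; adapt this to the real server protocol. */
    if (read(sockfd, &reply, 1) == 1 && reply == '1')
        ret = PAM_SUCCESS;

done:
    if (sockfd >= 0)
        close(sockfd);
    if (resp != NULL) {             /* the module owns the conversation response */
        if (resp->resp != NULL) {
            memset(resp->resp, 0, strlen(resp->resp));
            free(resp->resp);
        }
        free(resp);
    }
    return ret;
}

PAM_EXTERN int
pam_sm_setcred(pam_handle_t *pamh, int flags,
               int argc, const char *argv[])
{
    return (PAM_SUCCESS);
}

PAM_EXTERN int
pam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
                 int argc, const char *argv[])
{
    return (PAM_SUCCESS);
}

PAM_EXTERN int
pam_sm_open_session(pam_handle_t *pamh, int flags,
                    int argc, const char *argv[])
{
    return (PAM_SUCCESS);
}

PAM_EXTERN int
pam_sm_close_session(pam_handle_t *pamh, int flags,
                     int argc, const char *argv[])
{
    return (PAM_SUCCESS);
}

PAM_EXTERN int
pam_sm_chauthtok(pam_handle_t *pamh, int flags,
                 int argc, const char *argv[])
{
    return (PAM_SERVICE_ERR);
}

#ifdef PAM_MODULE_ENTRY
PAM_MODULE_ENTRY("pam_uds");
#endif
/****************************************END*********************************/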
-
January 4th, 2003, 04:26 PM
#2
Maybe you should first try to make a pam authentication module which uses a hard-coded login / password - don't try to run before walking.
How does it determine the information required to log in (uid, gid, $HOME, $SHELL, etc.)? Is there an entry in passwd for the user? Does there need to be?
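The questions in reply #2, as an added example that is not code from the thread: this C program checks whether a user name accepted by the remote server also resolves to a local account with the uid, gid, home directory and shell that login needs. `lookup_account` and `acct_status` are hypothetical names introduced here.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical names for this example; nothing here is from the thread's module. */
enum acct_status { ACCT_FOUND, ACCT_MISSING, ACCT_ERROR };
/* Resolve `name` through NSS (passwd file, LDAP, ...) and copy out what
 * login needs once authentication has succeeded. */
enum acct_status lookup_account(const char *name, uid_t *uid, gid_t *gid,
                                char *home, size_t homelen,
                                char *shell, size_t shelllen)
{
    struct passwd pw, *res = NULL;
    long hint = sysconf(_SC_GETPW_R_SIZE_MAX);
    size_t buflen = hint > 0 ? (size_t)hint : 1024;
    char *buf = NULL, *nbuf;
    int rc;
    do {                                  /* grow the buffer until the entry fits */
        if ((nbuf = realloc(buf, buflen)) == NULL) { free(buf); return ACCT_ERROR; }
        buf = nbuf;
        rc = getpwnam_r(name, &pw, buf, buflen, &res);
        buflen *= 2;
    } while (rc == ERANGE);
    if (res == NULL) {                    /* no entry: absent, or the lookup failed */
        free(buf);
        return (rc == 0 || rc == ENOENT || rc == ESRCH) ? ACCT_MISSING : ACCT_ERROR;
    }
    *uid = pw.pw_uid;
    *gid = pw.pw_gid;
    snprintf(home, homelen, "%s", pw.pw_dir);
    snprintf(shell, shelllen, "%s", pw.pw_shell);
    free(buf);
    return ACCT_FOUND;
}

int main(int argc, char **argv)
{
    uid_t uid = 0; gid_t gid = 0; char home[256] = "", shell[256] = "";
    const char *name = argc > 1 ? argv[1] : "root";
    enum acct_status st = lookup_account(name, &uid, &gid, home, sizeof home, shell, sizeof shell);
    printf("%s: status=%d uid=%lu gid=%lu home=%s shell=%s\n", name, (int)st,
           (unsigned long)uid, (unsigned long)gid, home, shell);
    return st == ACCT_FOUND ? 0 : 1;
}
```

A name that comes back as ACCT_MISSING can pass the remote password check and still be refused a login, because nothing on the local machine supplies its uid, gid, home directory or shell.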